Researchers at CrowdStrike recently released a report detailing an attempt by the advanced persistent threat group Aquatic Panda to steal industrial intelligence and military secrets. Aquatic Panda targeted an unknown academic institution in the attack, which was successfully thwarted by CrowdStrike. The cybercriminals are the latest group to exploit the Log4Shell vulnerability in its attacks. During the attack, CrowdStrike observed the group attempting to use Log4Shell exploit tools on a vulnerable VMware installation.

The suspicious activity was uncovered by CrowdStrike, which led them to search for unusual processes associated with the VMware Horizon Tomcat web server. The malicious activity was ties to the target’s infrastructure, according to CrowdStrike. The cybersecurity professionals immediately begun incident response protocol, in collaboration with the academic institution. CrowdStrike has been monitoring for suspicious activity regarding the Log4Shell vulnerability that was discovered in early December and immediately leveraged by attackers.